Russians Targeted McCaskill Campaign

News  |  Jul 26, 2018

UPDATE: MSNBC's Kyle Griffin has Senator McCaskill's response:

mccaskill response


According to a forensic analysis by The Daily Beast, the same group of Russian hackers who targeted Hillary Clinton's campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee during the 2016 election tried to get access to Senator Claire McCaskill (D-MO) reelection campaign staffers' accounts. 

That makes the Missouri Democrat the first identified target of the Kremlin’s 2018 election interference.

McCaskill, who has been highly critical of Russia over the years, is widely considered to be among the most vulnerable Senate Democrats facing re-election this year as Republicans hope to hold their slim majority in the Senate ...

There’s no evidence to suggest that this particular attack was successful.  Asked about the hack attempt by Russia’s GRU intelligence agency, McCaskill told The Daily Beast on Thursday that she wasn’t yet prepared to discuss it.

“I’m not going to speak of it right now,” she said. “I think we’ll have something on it next week. I’m not going to speak about it right now. I can’t confirm or do anything about it right now.”

The Daily Beast says the hack attempt took place around August 2017.

The attempt against McCaskill’s office was a variant of the password-stealing technique used by Russia’s so-called “Fancy Bear” hackers against Clinton’s campaign chairman, John Podesta, in 2016.

The hackers sent forged notification emails to Senate targets claiming the target’s Microsoft Exchange password had expired, and instructing them to change it. If the target clicked on the link, he or she was taken to a convincing replica of the U.S. Senate’s Active Directory Federation Services (ADFS) login page, a single sign-on point for e-mail and other services.  

As with the Podesta phishing, each Senate phishing email had a different link coded with the recipient's email address. That allowed the fake password-change webpage to display the user’s email address when they arrived, making the site more convincing.   

In October, Microsoft wrested control of one of the spoofed website addresses—adfs.senate.qov.info. Seizing the Russians’ malicious domain names has been easy for Microsoft since August 2017, when a federal judge in Virginia issued a permanent injunction against the GRU hackers, after Microsoft successfully sued them as unnamed “John Doe” defendants. The court established a process that lets Microsoft take over any web addresses the hackers use that includes a Microsoft trademark.

(...)

The Daily Beast identified McCaskill as a target while investigating statements made by Microsoft VP Tom Burt last week in an appearance at the Aspen Security Forum. Burton discussed the Virginia injunction, and told the audience that it allowed Microsoft to thwart a phishing campaign against three midterm election candidates, who he declined to name.

The Daily Beast explains why Senator McCaskill, in addition to facing a tough re-election race, may be a GRU target. 

McCaskill has spoken out forcefully against Moscow, likening Russian election-meddling to “a form of warfare” and calling Putin a “thug and a bully.” She was also caught up in the Podesta hack, which was revealed when WikiLeaks released the Clinton campaign chair’s private email communications. The document dump showed that McCaskill called Podesta to inform him that she had “info” about an individual working in the State Department’s inspector general’s office, which at the time was investigating Clinton’s private email server. The “info” was that a top aide at the inspector general’s office once worked for a Republican senator, Chuck Grassley of Iowa.

McCaskill’s criticisms of WikiLeaks stretch back nearly a decade. In 2010, she and Sen. Lindsey Graham (R-S.C.) called for prosecutions of individuals who send classified information to WikiLeaks. Earlier this month, Mueller’s GRU indictment included Russian intelligence officers who, through the Guccifer2.0 persona, are accused of funnelling the hacked 2016 data to WikiLeaks.

“I hope we can find out where this is coming from and go after them with the force of law,” she said at the time.

Russian Hackers’ New Target: a Vulnerable Democratic Senator (The Daily Beast)